Organisations are failing to remove important information from computer hard drives when they dispose of them, researchers are warning.

A University of Glamorgan study found more than half the hard drives they saw still contained sensitive information.

It is feared some of the information could be used by criminals.

The Information Commissioner's Office, which monitors data disposal, has said it will be tough on any organisations breaching the Data Protection Act.

The study examined 105 hard drives which had been purchased on internet auction sites and was able to access 92 of them.

They can't just take hard disks and throw them in the bin and say we have disposed of them

Dr Andrew Blyth

The data recovered by the university team included staff passwords and national insurance numbers, a template to print a university degree and even detailed information about school children.

Researchers found 57% of the readable disks contained data which allowed the original owners - ranging from organisations in the leisure and financial services industries to a number of universities - to be identified.

A fifth of the disks contained financial information, including sales receipts and profit and loss reports.

And disks from home users or small firms had family information, VAT numbers and internal organisation data on them.

Dr Andrew Blyth, principal lecturer at the university's School of Computing, said companies needed to have a "cradle-to-grave" approach to computer security.

Dr Blyth said information left on hard disks can be used by criminals

He said organised crime now saw e-crime - including identify theft - as a source of revenue.

"This type of information could fall into all types of criminals' hands," he said.

"We're not just talking about organised crime, about hackers, we're also talking about extortionists, blackmailers, even conceivably, paedophiles.

"Companies need to wake up to the fact that under the Data Protection Act, they have a duty of care towards personal data.

'Paranoid'

"They can't just take hard disks and throw them in the bin and say we have disposed of them, they have a duty to make sure that data is disposed off a sound manner.

"The advice we always give is take a six inch nail and stick it through your hard drive - physical destruction of the hard drive is the only way to be sure that you have got rid of that data."

Dr Blyth added there were software programmes, some of which were freely available, which offered users the chance to clear their hard drives for re-use by others.

"There are companies out there that can do that and there is software out there which will do it, some of it open source," he said.

But he cautioned research done at the university previously had found some of the programs were significantly less successful than others.

"The only way to be sure if you are really paranoid about your data is to physically destroy your device," he told BBC Wales' news website.

The Information Commissioner's Office, which monitors data disposal, has said it will be tough on any organisations breaching the Data Protection Act.